moai-security-compliance
Warn
Audited by Socket on Mar 2, 2026
1 alert found:
Security: MEDIUM
SKILL.md
The best-presented fragment aligns with its stated purpose of regulatory compliance tooling and demonstrates coherent data flows across classification, logging, retention, erasure, and evidence collection, plus optional Drata integration. Key risks include hardcoded retention values, potential cross-sink data exposure, and reliance on external services. With proper hardening (config-driven retention, per-sink masking, encryption, strict access control, and secure secret management), this design can be production-ready. Treat it as a solid baseline that still needs a notable security review before deployment.
Confidence: 75%
Severity: 75%